CVE-2006-7117

N/A Unknown
Published: March 06, 2007 Modified: April 23, 2026
View on NVD

Description

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.securityfocus.com/bid/21352
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/30570
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/30572
Source: cve@mitre.org
https://www.exploit-db.com/exploits/2863
Source: cve@mitre.org
http://www.securityfocus.com/bid/21352
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/30570
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/30572
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/2863
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
4.7%
89th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

kubix

Related CVEs

CVE-2026-8696 7.5
CVE-2026-45672 8.8
CVE-2026-45402 8.1
CVE-2026-45401 8.5
CVE-2026-45400 8.5